? 497936-profile-fieldnames-have-dashes-reversed.txt
? 672864-cols-incorrect.patch
? 697208-display-validation.patch
? 780768-ui-preview_0.patch
? 981870-safe-dom-id.patch
? diff
? doc
? drupal.org files issues views_910864_0.txt
? render_link
? tests
? views-962564_0.patch
? views-plugin-argument-default-user-17.patch
? views-summary-hide-attachment_2.patch
? views-unique-dom-id-improved-reworked.patch
? modules/search/views-view-row-search.tpl.php
? modules/user/views_handler_field_is_online.inc
Index: includes/ajax.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/views/includes/ajax.inc,v
retrieving revision 1.20.2.2
diff -u -p -r1.20.2.2 ajax.inc
--- includes/ajax.inc 12 Oct 2010 22:18:22 -0000 1.20.2.2
+++ includes/ajax.inc 20 Jan 2011 21:47:59 -0000
@@ -19,7 +19,7 @@ function views_ajax() {
 $display_id = $_REQUEST['view_display_id'];
 $args = isset($_REQUEST['view_args']) && $_REQUEST['view_args'] !== '' ? explode('/', $_REQUEST['view_args']) : array();
 $path = isset($_REQUEST['view_path']) ? $_REQUEST['view_path'] : NULL;
- $dom_id = isset($_REQUEST['view_dom_id']) ? intval($_REQUEST['view_dom_id']) : NULL;
+ $dom_id = isset($_REQUEST['view_dom_id']) ? check_plain($_REQUEST['view_dom_id']) : NULL;
 $pager_element = isset($_REQUEST['pager_element']) ? intval($_REQUEST['pager_element']) : NULL;
 views_include('ajax');
 $object = new stdClass();
Index: theme/theme.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/views/theme/theme.inc,v
retrieving revision 1.84.2.22
diff -u -p -r1.84.2.22 theme.inc
--- theme/theme.inc 20 Jan 2011 20:07:12 -0000 1.84.2.22
+++ theme/theme.inc 20 Jan 2011 21:48:00 -0000
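Review bot: Swapping `intval()` for `check_plain()` on `view_dom_id` in views_ajax() turns a value that was constrained to an integer into an arbitrary client string that is only HTML-escaped. HTML escaping does not make the value safe as a class or id token: whitespace, dots, brackets and similar characters pass through, and the value appears to reach the `'view-dom-id-' . $vars['dom_id']` class in theme/theme.inc; any client script that builds selectors from it (not visible here) would be affected too. I would validate the shape instead, e.g. `$dom_id = isset($_REQUEST['view_dom_id']) && preg_match('/^[A-Za-z0-9_-]+$/', $_REQUEST['view_dom_id']) ? $_REQUEST['view_dom_id'] : NULL;`, or pass it through `views_css_safe()` as the generated ids are. The same applies to the `check_plain($_REQUEST['view_dom_id'])` return in `_views_generate_dom_id()` in theme/theme.inc. views_ajax()'s body continues outside the hunk.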
@@ -36,6 +36,51 @@ function _views_theme_functions($hook, $
 }
 
 /**
+ * Generates a unique dom id for the view.
+ *
+ * @param $view
+ * object view
+ * @return
+ * string view dom id
+ */
+function _views_generate_dom_id($view) {
+ // If the dom_id property has already been set, it used as a view identifier.
+ // If the function views_ajax() was previously invoked the dom_id might
+ // already have a client-defined value.
+ if (isset($view->dom_id) && !empty($view->dom_id)) {
+ return $view->dom_id;
+ }
+
+ // Clients may set the dom_id per request as they can bypass the views_ajax()
+ // function with a custom menu call back and the invokation of
+ // views_embed_view(). It is needed when the same display is rendered
+ // multiple times on a common HTML page by separate requests.
+ // Clients are supposed to look up the view_dom_id entries of the
+ // Drupal.settings.views.AjaxViews array and calculate a unique id themselves.
+ if (isset($_REQUEST['view_dom_id'])) {
+ // Use check_plain() to prevent XSS attacks and encode HTML special characters.
+ return check_plain($_REQUEST['view_dom_id']);
+ }
+
+ // The following code fragement provides unique identifiers per request. It
+ // is needed when the same view display is rendered multiple times on a
+ // common HTML page within the same request. The ID is determined by the
+ // view's name, display name and an incremential counter. It also prevents
+ // ID clashing if different view displays are rendered by separate requests.
+ // A simple incremental counter wouldn't avoid that.
+ static $dom_ids = array();
+ $base = $dom_id = views_css_safe($view->name . '-' . $view->current_display);
+ $counter = 0;
+
+ while (!empty($dom_ids[$dom_id])) {
+ $dom_id .= $base . '-' . ++$counter;
+ }
+
+ $dom_ids[$dom_id] = TRUE;
+ return $dom_id;
+}
+
+/**
 * Preprocess the primary theme implementation for a view.
 */
 function template_preprocess_views_view(&$vars) {
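Review bot: The `$_REQUEST['view_dom_id']` branch in `_views_generate_dom_id()` returns before the static `$dom_ids` registry is consulted, so every view rendered in that request without its own `dom_id` receives the same client-chosen id, and any page URL carrying `view_dom_id` sets it. That defeats the uniqueness the function is named for and lets whoever authored the link pick the id written to the wrapper class. I would drop the branch and have callers set `$view->dom_id` explicitly, or at least record the value with `$dom_ids[$dom_id] = TRUE;` and fall through to the counter on a clash. Separately, the collision loop appends rather than replaces, so a first clash yields the base twice followed by `-1`; it should read `$dom_id = $base . '-' . ++$counter;`.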
@@ -137,8 +182,7 @@ function template_preprocess_views_view(
 // we set up a running counter, $dom_id, to issue a "unique" identifier for
 // each view. This identifier is written to both Drupal.settings and the DIV
 // wrapper.
- static $dom_id = 1;
- $vars['dom_id'] = !empty($view->dom_id) ? $view->dom_id : $dom_id++;
+ $vars['dom_id'] = _views_generate_dom_id($view);
 $vars['classes_array'][] = 'view-dom-id-' . $vars['dom_id'];
 
 // If using AJAX, send identifying data about this view.
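Review bot: The context comment above the changed line still says "we set up a running counter, $dom_id", but the static counter is removed here and the id now comes from `_views_generate_dom_id()`. Reword it along the lines of `// _views_generate_dom_id() issues the identifier for each view; it may be client-supplied, so treat it as untrusted text.` Note also that `$vars['dom_id']` changes from an integer to a string, so any template or script that assumed a number (not visible in this hunk) should be checked. template_preprocess_views_view() starts and ends outside the hunk.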